Discoverable (resident), Non-Discoverable and Derived SSH Keys

Hi All,

I am just looking to better understand this stop and I am not getting enough information in the documents to help me join the dots.

Resident SSH Keys
I understand with resident SSH keys that all the information, including the identity file, is located on the OnlyKey, making it a self-contained package where I can access my SSH private key anywhere as long as I have the OnlyKey.

  1. Can someone please confirm that when I execute the `ssh-add -K` command, the identity file is loaded into the SSH agent, not the private key?

Non-Discoverable Credentials
Non-Discoverable Credentials are created using the keying material on the OnlyKey but the associated identity file is kept on disk.

`ssh-keygen -t ed25519-sk`

  1. What happens if I delete the identity file, can the identity file be regenerated or is the key now useless?
  2. Is the identity file an AES encrypted file and is not sensitive in and of itself?
  3. I assume that the inputs to the keying process are more than just the keying material on the OnlyKey, which therefore allows you to create an unlimited number of SSH keys? (e.g. a nonce value, which would therefore also prevent regenerating keys?)

Derived SSH Keys
From what I can tell, the onlykey-agent is required because it somehow enables the regeneration of a key as long as the input, e.g. `onlykey-agent sometext`, is identical to the key you are seeking to recover.

General Question
Just trying to understand what the onlykey-agent does above and beyond ssh-keygen for the key generation process only.

Thank you